Comments (4)

qururoland commented on June 18, 2024

We have successfully used ActiveDirectory, Red Hat IDM/389/OpenLDAP and cloud services like JumpCloud for authentication in QIS. We also spent quite a bit of time working on a solution to automatically secure images to one (or more) known users but that was a couple of years ago. This was for users to upload images of their high value works of art and to then control which other users they would let see the image.

I will have a hunt through the code and documentation to see what I can find of this work and will let you know.

martnst commented on June 18, 2024

As far as I know, Keycloak only has capabilities to federate users from ActiveDirectory and LDAP, but does not act as a source for other systems. Hence my idea to use OpenID Connect.

qururoland commented on June 18, 2024

Project lead coder fozcode has spent some time on OpenID Connect on another project. It's based on OAuth 2, the standard that one of the original designers resigned from because industry pressure made it too complicated to implement safely.

But the gist of it is that you authenticate with a 3rd party and the 3rd party gives you 3 tokens, one saying who you are, one saying what your application permissions are (defined on their side), and one for renewing the tokens before they expire.

QIS would need something like we already did here:
#27

Whereby if they're not authenticated we redirect away to the 3rd party login page, and that redirects back to QIS with the tokens. QIS would then need to check the 3rd party tokens for expiry as part of its middleware, and have a link between the 3rd party token and its own user database, e.g. with the username or email address embedded inside the token.

Is this the sort of thing that you are thinking about?

martnst commented on June 18, 2024

Hi Roland, yeah, that sounds about right to me.

The redirect flow would not be needed in our case, where our React frontend would only talk to the QIS REST API. Instead of getting a token from QIS, the frontend would come with an OIDC auth token right away. However, I could imagine this would be needed if one would want to use an OpenID Connect based IDM to kinda not use the QIS own user management at all.

Best, Martin
